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DETAILED ACTION 

1. Currently pending claims are 1-17. 

Response to Arguments 

2. Applicant's arguments with respect to instant claims have been fully considered but are 
moot in view of the new ground(s) of rejection necessitated by Applicant's amendment. 

3. Besides, Applicant asserts "Claim 10 recites that the data processing system processes 
data that can be accessed by individuals with a simple authorization according to the two man 
principle when the particular authorization is not present. The cited references fail to disclose 
the two man principle" (Remark: Page 9 / 3 rd Para). Examiner respectfully disagrees because 
the specific claim language of Claim 10 is indeed recited as " the data processing system 
processes data that can be accessed by an individual with authorization , or by individuals with a 
simple authorization according to the two man principle when the particular authorization is not 
present", where the 2 nd -part associated with the condition word "OR" constitutes the non- 
essential element. 

4. Furthermore, Applicant asserts "As per claims 6, 7, and 8, the prior-art does not teach 
that the authentication code is stored in a mobile memory unit that can be connected to the data 
processing system to transmit data" (Remark: Page 8 / 3 rd Para). Examiner respectfully 
disagrees because Thompson teaches an authentication device obtaining authentication 
information from an authentication medium (i.e. authentication card that stores authentication 
code), an access administration system operatively connected to the authentication device for 
verifying the authentication information and an access control system operatively connected to 
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the access administration system granting access resources when the authentication 
information is verified (Thompson: Para [0004] and [0021] Line 8-11). 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claim 9 is indefinite because the claim language " authenticated at the same time " is not 
clear regarding what exactly constitutes the timing limitation / threshold in terms of interval that 
is qualified as "at the same time" security status in order to particularly distinct the invention 
subject matter over the prior-arts and thereby rendering the scope of the claim(s) 
unascertainable. See MPEP § 2173.05(d). Any other claims not addressed are rejected by 
virtue of their dependency. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 
of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art 
to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was 
made. 



6. Claims 1 - 17 are rejected under 35 U.S.C. 103(a) as being unpatentable over Affleck et 
al. (U.S. Patent 2004/0260782), in view of Thompson (U.S. Patent 2005/0055709), and in view 
of Rosner(DE 10121819 A1). 
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As per claim 1 and 5, Affleck teaches a method for accessing a data processing system 
that is formed from data processing units networked to one another, the method comprising: 

providing a first authentication that authenticates a system administrator (Affleck: 
Figure 4 / Element 410, Figure 5 / Element 550, Para [0066] Line 1 - 2: the security module 
within the ADMIN module / program provides authentication that authenticates a system 
administrator to control the system technicians access right), 

authenticating the system administrator on a first data processing unit by 
transferring the first authentication to an authentication program (Affleck: Figure 4 / 
Element 410, Figure 5 / Element 550, Para [0066] Line 1 - 2: same as above), 

providing a second authentication that authenticates a system technician (Affleck: 
Para [0066]: a login name and password must be assigned to a technician), 

authenticating the system technician on a second data processing unit (Affleck: 
Figure 1 1 / Element 140, Para [0143] Line 8 - 10 / Line 34 - 37: (a) a technician PC connected 
to a remote lab is qualified as a second data processing unit and (b) an authenticated 
computing device (i.e. the authenticated technician PC ) that is connected directly to the remote 
lab) by transferring the second authentication to the authentication program (Affleck: 
Para [0066] and Para [0143] Line 8 - 10 / Line 34 - 37: an authenticated computing device (i.e. 
the authenticated technician PC) connected directly to the remote lab enables the technician to 
be authenticated for access to the resource according to the assigned access right) and 
generating an identification information item that identifies the carrier ( see Thompson 
below ) of the second authentication (Affleck: Para [0066] and Para [0143] Line 8 - 10 / Line 
34 - 37) - However, Affleck does not disclose expressly that identification information can be 
stored on an authentication medium carrier). 
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Thompson teaches generating an identification information item that identifies the 
carrier (Thompson: Para [0004]: the identification information can be stored on an 
authentication medium / carrier). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Thompson within the system of Affleck because 
(a) Affleck teaches allowing the system administrator to control / edit access rights of each of 
the technicians that may request to access the system based upon the input of authentication 
information (Affleck: Para [0066]), and (b) Thompson teaches the authentication information and 
collected work log data can be effectively presented from an authentication medium / carrier on 
an access administration system operatively connected to the authentication device (Thompson: 
Para [0004] Line 3 - 6). 

displaying the identification information item on the first data processing unit of 
the system administrator (Affleck: Para [0066] Line 2 - 4 / 10 - 13: (a) individual technicians / 
groups of technicians may be set or edited and logon attempts may be monitored by the system 
administrator and (b) since the administrator can restrict or delete the technician name / group 
and associated authentication information, as taught by Affleck, the technician name and 
associated authentication information must be displayed to the administrator beforehand), and 

enabling access authorization to the system technician when the first 
authentication is authenticated at the first data processing unit and the second 
authentication is authenticated at the second data processing unit (see Rosner below )and 
automatic triggering a function that generates and stores a log file that logs the activity 
of the system technician on the data processing system (Thompson: Para [0004] Line 5 - 
6, Para [0029] Line 4-5 and Para [0035] Line 1 - 3: automatic and manual triggering a work- 
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log analysis function by a system administrator) & (Affleck: Para [0066] and Para [0143] Line 8 - 
10 /Line 34-37). 

However, Affleck as modified does not disclose expressly enabling access authorization 
to the system technician when the first authentication is authenticated at the first data 
processing unit and the second authentication is authenticated at the second data processing 
unit . 

Rosner teaches enabling access authorization to the system technician only when the 
first authentication is authenticated at the first data processing unit and the second 
authentication is authenticated at the second data processing unit (Rosner: Abstract: Line 1 - 5 
and Line 11 - 13: data access can be granted only when two or more persons are present to be 
authenticated at the data processing unit(s) in order to authorize the access). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Rosner within the system of Affleck as modified 
because (a) Affleck teaches (i) allowing the system administrator to control / edit access rights 
of each of the technicians that may request to access the system based upon the input of 
authentication information and (ii) an authenticated computing device (i.e. the authenticated 
technician PC ) connected directly to the remote lab enables the technician to be authenticated 
for access to the resource according to the assigned access right (Affleck: Para [0066] and Para 
[0143] Line 8 - 10 / Line 34 - 37), and (b) Rosner teaches providing an highly enhanced 
security mechanism where sensitive data access can be granted only when two or more 
persons are present to be authenticated in order to authorize the access (Rosner: Abstract: Line 
1 - 5 and Line 11 - 13). 
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As per claim 9, the claim limitations are met as the same reasons as that set forth in the 
paragraph above regarding to claim 1 with the exception of the features (I) the enabling of an 
access authorization is done via the system administrator by manually triggering a function that 
is provided for this purpose in the authentication program, and can be accessed exclusively by 
the system administrator. However, Thompson further teaches manually triggering a function 
that is provided for this purpose in the authentication program, and can be accessed exclusively 
by the system administrator (Thompson: Para [0004] Line 5-6, Para [0029] Line 4-5 and 
Para [0035] Line 1 - 3: automatic and manual triggering a work-log analysis function by a 
system administrator in order to disable an individual access cards). 

However, Affleck as modified does not disclose expressly (II) checking whether the first 
authentication and second authentication are authenticated at the same time; and enabling 
access authorization to the system technician when the first authentication and second 
authentication are authenticated at the same time. 

Rosner teaches checking whether the first authentication and second authentication are 
authenticated at the same time; and enabling access authorization to the system technician 
when the first authentication and second authentication are authenticated at the same time 
(Rosner: Abstract: Line 1 - 5 and Line 11 - 13: data access can be granted only when two or 
more persons are present to be authenticated at the data processing unit(s) in order to 
authorize the access). See the same rationale of combination applied herein as above in 
rejecting the claim 1. 

As per claim 2, Affleck as modified teaches the second authentication is compared in the 
authentication program to a file that contains the second authentication, and when there is 
correspondence with the second authentication, a corresponding information item is transferred 
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to the system administrator (Affleck: Para [0066] Line 1 - 5: edit a file that contains access 
rights of each of technicians). 

As per claim 3, Affleck as modified teaches the second authentication contained in the 
file is assigned an identification information item that is specific thereto (Affleck: Para [0066] 
Line 1 - 5 & Line 10 - 13: a file that contains technician names / groups of technicians). 

As per claim 4, Affleck as modified teaches the identification information item comprises 
the name of the system technician (Affleck: Para [0066] Line 1 - 5 & Line 10 - 13: a file that 
contains technician names / groups of technicians). 

As per claim 6 and 7, Affleck as modified teaches the authentication code is stored in a 
mobile memory unit that can be connected to the data processing system to transmit data 
(Thompson: Para [0004] and [0021] Line 8-11: authentication card - an authentication device 
obtaining authentication information from an authentication medium (i.e. authentication card / 
carrier that stores authentication code), an access administration system operatively connected 
to the authentication device for verifying the authentication information and an access control 
system operatively connected to the access administration system granting access resources 
when the authentication information is verified). 

As per claim 8, Affleck as modified teaches the authentication card has a memory that 
stores the log file, an information item, or the combination thereof that permits access to the log 
file (Thompson: Para [0021] Line 8-11 and Para [0004] Line 4-6: see above @ claim 6 and 
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authentication medium / card to collect the work log data). 

As per claim 10, Affleck as modified teaches the data processing system processes data 
that can be accessed by an individual with authorization, or by individuals with a simple 
authorization according to the two man principle when the particular authorization is not present 
(Affleck: [0066] and Para [0143] Line 8 - 10 / Line 34 - 37) & (Rosner: Abstract: Line 1 - 5 and 
Line 11 - 13). 

As per claim 1 1 and 1 6, Affleck as modified teaches proof of the particular authorization 
is given by transferring a third authentication to the data processing system (Affleck: Para [0066] 
Line 1 5 - 1 9: the authentication of other technicians is qualified as a third authentication) & 
(Rosner: Abstract: Line 1 - 5 and Line 11-13). 

As per claim 12, Affleck as modified teaches the data is personal data that requires 
protection (Affleck: Para [0066]). 

As per claim 13, Affleck as modified teaches the connection between the first data 
processing unit and the second data processing unit is established via the Internet or via an 
intranet (Affleck: Figure 2) & (Rosner: Abstract: Line 1 - 5 and Line 11 - 13). 



As per claim 14, Affleck as modified teaches the identification information item 
comprises the membership of the system technician of a specific organization n (Affleck: Para 
[0066] Line 1 - 5 & Line 10 - 13: a file that contains technician names / groups of technicians). 
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As per claim 15, Affleck as modified teaches the authentication code is transferred to the 
authentication program by a keypad that is provided on a data processing unit (Affleck: Para 
[0066] Line 5-7 and Para [0010]: entering the authentication data via an user interface 
including a keyboard). 

As per claim 17, Affleck as modified teaches the personal data is patient data (Affleck: 
Para [0006]: samples of patients) & (Rosner: Abstract: Line 1 - 5 and Line 11 - 13). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant 
is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The 
examiner can normally be reached on Monday-Friday 9:00am-5:00pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Longbit Chai/ 

Longbit Chai E.E. Ph.D 
Primary Examiner, Art Unit 2431 
02/10/2009 



